Release Date: 13/07/2025 | Issue: 296
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

The AI Replacement for your SAST
ZeroPath is the first entirely LLM-driven AppSec platform - built from the ground up to expedite your team's detection, triage, and remediation of appsec issues. It catches complex vulnerabilities that rule-based scanners miss, like second-order SQL injection, authentication bypasses, and IDORs. Get dramatically less noise than traditional SAST, with automated fixes developers actually merge.

See What Your Current Scanners Are Missing

This week's articles


Extend Docker Compose with Provider Services
Docker Compose now supports provider services to connect to external systems. No wrappers needed.   #announcement   #containers


Security Benchmarking Authorization Policy Engines: Rego, Cedar, OpenFGA & Teleport ACD
An in-depth threat modeling exercise involving Cedar, Rego, and OpenFGA policy languages.   #explain


Kubernetes security fundamentals: Authorization
A look at how authorization works in Kubernetes.   #explain   #kubernetes


How To Backdoor a Kubernetes in silence
This article introduces the usage and post-exploitation of various certificates and authentication technologies in Kubernetes.   #attack   #iam   #kubernetes


eBPF-based networking & security integration with Microsoft Sentinel
This post explores the setup and configuration of Cilium and Tetragon in Azure Kubernetes Service, and integrating and monitoring them with Microsoft Sentinel.   #azure   #kubernetes   #monitor

Sponsor

Depot Now Offers Egress Filtering for GitHub Actions Runners
You can now restrict outbound traffic from your GitHub Actions workflows using Depot’s egress filtering. It gives you control over which hosts your builds can reach, whether you're trying to prevent data from leaking, reduce your attack surface, or just keep things locked down by default. And since it runs on the same high-performance infrastructure as the rest of Depot, you’re not giving up speed for security.

Check out the release and try Depot today

Tools


sample-visualizing-access-rights-for-identity-on-aws
This is a sample solution that demonstrates how to use AWS IAM Identity Center with Neptune to visualize and map relationships between identities and resources.


iam-shrink
Make AWS IAM policies smaller by adding wildcards to actions.


shade
PoC shadow SaaS and insecure credential detection system using a browser extension.


gogs
A painless self-hosted Git service.


force-push-scanner
Scan for secrets in dangling commits on GitHub using GH Archive data.


deptective
Deptective automatically determines the native dependencies required to run any arbitrary program or command. You can also refer to the companion blog post.


bitchat
A secure, decentralized, peer-to-peer messaging app that works over Bluetooth mesh networks.

From the cloud providers


#AWS   Threat Technique Catalog for AWS
The Threat Technique Catalog for AWS describes techniques used by threat actors to take advantage of security misconfigurations or compromised credentials on the customer side ("Security in the Cloud") of the shared responsibility model.


#AZURE   Microsoft expands Zero Trust workshop to cover network, SecOps, and more
Microsoft announced the expansion of the Zero Trust workshop to cover the additional technical pillars of Zero Trust, assisting customers on strategies that may contribute to securing their network, infrastructure, and connecting all these elements with security operations (SecOps).

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini